1. Field of the Invention
The present invention is directed to allowing a more secure initial, and continuous authentication of virtual private network (VPN) tunneling. The device of the present invention contains its own microprocessor and operating system which connects to the host system via a universal serial bus (USB). The present invention involves executing and storing of the VPN software, certificates, credentials and sensors on the device, which allows for more security and manageability as opposed to executing the VPN on the host system. The device can be configured for Login, Quick Response (QR) Codes, Near-Field Communication (NFC) or Bluetooth Low Energy (LE) proximity authentication to activate or deactivate the VPN tunnel.
2. Description of the Related Art
A VPN system allows users to send/receive data across shared or public networks, over the internet, as if their computers were directly connected to a private network. The VPN tunnel is a secure, encrypted connection, between the user's client computer and computers and/or servers operated by the VPN service.
Traditional VPN tunnels (i.e., Internet Protocol Security Standards, such as RFC2547, and RFC4364) require software, certificate and password information to be installed on the personal computer (PC) (i.e., desktop, laptop, etc.) of the user. However, this approach has the risk of the user's computer being hacked since all the information is stored there. Another risk is if the user's computer is stolen with the certificates and passwords on the computer itself, then this would leave the network behind the VPN server vulnerable until the certificates were revoked.
In other concerns, once the user logs into the personal, client computer, the VPN tunnel can be opened automatically or by the user logging in with the tunnel application. However, once the user walks away from the computer, the tunnel is still open with the computer unlocked, and anyone can walk up to the computer and access the VPN network. Another scenario of concern is where the user locks the computer and someone uses a remote desktop platform (RDP) into the computer to access the tunnel.
Specifically, in a traditional, installed VPN client computer, the certificates, passwords, and endpoint information are stored in software on the operating system (OS) drive. The OS drive is installed on the user's client computer, and the VPN tunnel accesses the internet via the network information center (NIC). The Internet Protocol Suite (TCP/IP) application accesses the VPN tunnel by IP or hostname, but first accesses the VPN software, and the TCP/IP application accessing the internet by IP or hostname, proceeds via a default gateway to the NIC before reaching the internet. These certificates, passwords, and endpoint information are vulnerable if the desktop or laptop is stolen or hacked.
Thus, a way of securing the VPN tunnel and the certificates, passwords, and endpoint information in software on the OS drive on the client computer, is desired.